1 Purpose

The purpose of this document is to describe the technical details of a Web/WAP
buying mechanism as part of patent registration documentation. This Web/WAP
buying mechanism enables users to purchase products and services in virtually any
site that accepts credit cards, without using their own credit card. To the best of our
knowledge, this generalized buying principle does not exist today as a business
model, nor does the technology that we are using to implement it.

2 Overview 

The Secure Private Agent (SPA), which is a Web/WAP based technology and
business model, along with its supporting back-office infrastructure, is the basis of
our unique Web/WAP buying and service provisioning technology. SPA allows users
to surf the Web through a browser (or a WAP appliance) as they regularly do, and to
use SPA services in a Just-In-Time (JIT) manner. The cornerstone technology, which
SPA is offering to the users, is the capability to shop in potentially any E-Commerce
site, which accepts credit card payments, and to buy there without using their own
credit card number.

Some key features of this technology are:

♦ There is no need to download and install any software.

The SPA can run as a Java applet or other on-the-fly service, which runs in
the user's browser or its environment. The SPA can also be installed, in
which case it may offer additional services and capabilities.

♦ The SPA technology works with virtually any E-Commerce site.

In order to perform a buy using the SPA, there is no need for an a-priori
business relationship between the E-Commerce site and Appletix. The SPA
may offer additional services for E-Commerce sites, which are part of its
affiliates network.

♦ Users can potentially perform anonymous transactions.

The technology behind SPA allows the users to stay anonymous to the site
(and potentially other mediators), hiding their virtual characteristics, such as
IP address, as well as their real-world details, such as name and credit card
number.

♦ The SPA learning intelligence can assist users in managing Web forms.

Part of the SPA technology is a learning intelligence that very quickly learns
of new Web forms, as they become active on the Web. This engine can
automatically fill new forms (such as shipping address and username /
password) with the user's details and thus be used also as a single sign-on
solution.
3 Architecture

The SPA mechanism is built of three components, which are developed and operated
by Appletix, and three additional components, which are part of the overall process.
The following figure outlines the relationship between the components, within the
architecture framework.

Figure 1: Major architecture components and their relationship

The three SPA components, which are developed and operated by Appletix, are:

♦ Front-End Client (FEC)

This component sits in the user's browser, which is the client side. It controls
some of the browser's activity and interacts with the user. The FEC
communicates with the BEG through a secure channel, relaying user requests
and receiving information for the interaction with the user. The FEC also
provides the user interface for SPA's services.

♦ Back-End Gateway (BEG)

The BEG sits on one of Appletix' servers. It interacts directly with the FEC
and the browser at the user's side, with the ECS in which the user is surfing
and with the BOL. The role of the BEG is to follow the user's surfing path
and to interact with the information flow to the user. This is done mainly by
identifying key situations where an SPA service is required or appropriate.
Note that within a WAP architecture the BEG can actually run on the WAP
Server that translates Web content (HTML) to WAP (WML) and ultimately
enhance its functionality.

♦ Back-Office Logic (BOL)

The BOL manages the entire user and transaction related information. It
manages the user's profile and account, and handles the transaction
authorization and logging. The BOL communicates to the BEG the user and
transaction details and communicates with the CCP to close the loop on the
transaction authorization information.

Three additional components, which are part of the overall process, but also exist
independently of the SPA system, are:

♦ E-Commerce Site (ECS)

Actually, the ECS has no special role in the SPA scheme, except for doing its
usual functions, i.e. serving Web pages and processing the usual
communication messages. The ECS is not aware of being part of the SPA -
the mechanism is completely transparent to it. Of course, the ECS can join
the Appletix affiliation program and add SPA components that will enhance its
SPA functionality, but this is completely optional.

♦ Credit-Card Partner (CCP)

The CCP is the component that issues Appletix' credit cards, which are used
during the buying process managed by the SPA. It is also involved in the
authorization process as part of its usual function in processing a credit card
payment. The BOL, however, interacts with the CCP in order to set up the
authorization information for Appletix' transaction, as a fraud protection
measure.

♦ Clearing House (CH)

The CH plays its usual credit-card-world role within the SPA architecture. It
accepts credit card payment information from the ECS and clears those
transactions. The charges are forwarded to the credit card issuer, which
maintains the card's credit. The CH component is totally unaware of the
existence of the SPA system, and of its involvement in the SPA process.
4 Business Process

The following steps briefly describe the business process of using the SPA system and
the relationship between the User, Appletix and E-Commerce Site:

1. Users are registered in Appletix, identifying personal payment information
(e.g. Credit-Card or Bank Account).

2. Users are assigned a credit limit.

3. When users desire to buy on the Internet, they log into the Appletix site and are
assigned a Secure Private Agent (SPA), a software implementing the patent
(see tech. patent).

4. The SPA monitors the users' buying process.

5. The users select the products or services to purchase.

6. When Credit-Card payment details are required, the users fill in some dummy
Appletix payment information or let the SPA do it automatically.

7. The users' Credit-Card information is never sent to the shopping site.

8. All payments to the sites are done by Appletix.

9. Appletix debits the users' credit on behalf of their purchases, and is the only
party to have access to the users' personal details.

10. The Internet sites are not aware of the fact that Appletix is involved in the
transaction on behalf of the users, except for the payment details.
5 Transaction Sequences

There are many variations in which the SPA system can be implemented. These
implementations may differ in the location where specific functions are executed, the
depth of services provided by the SPA, the amount of automation
supported by the SPA, etc. This section describes the specific details of a sample
implementation of the SPA.

5.1 Registration

1. The user surfs to the Appletix site.

2. Appletix Web server sends the Home Page.

3. The user selects SPA Registration.

4. Appletix Web server sends the SPA Registration form.

5. The SPA Registration form includes the following fields:

   5.1 Username

   5.2 Password

   5.3 Numeric ID (e.g. international phone number - for IVR service).

6. The user sends the registration information.

7. Appletix BOL checks availability of the username.

   7.1 If unavailable, the user is requested to select a new username (go to 5).

8. BOL creates a new user profile.

9. The user is offered to add authentication information to the profile.

   9.1 Best friend's name.

   9.2 Mother's maiden name.

   9.3 City of birth.

10. End of registration.
5.2 Surfing With SPA

1. The user surfs to the Appletix site.

2. BEG identifies the user using a cookie.

3. BEG sends a personalized user services page, which loads the SPA Java
applet (FEC).

4. FEC launches a new browser window, which displays HTML with a
FRAMESET.

   4.1 The new window does not display the Address (URL) and
   Bookmarks menu-bars.

   4.2 The top frame displays the FEC user interface, which includes:

      4.2.1 Address (URL) bar.

      4.2.2 Bookmarks bar.

      4.2.3 Interaction area (for talk/messages/ads).

      4.2.4 Functional buttons.

   4.3 The bottom frame displays the user's preferred home page (any
   Internet site), or a selection between several preferred sites.

      4.3.1 All links in the displayed HTML point to BEG and
      include the original URL information.

5. The user types a URL in the FEC Address bar or clicks a link.

   5.1 For a typed URL, FEC sends the URL to BEG, which fetches the
   appropriate content and processes the links to point to BEG.

   5.2 For a link click, BEG receives an HTTP GET request, fetches the
   appropriate content and processes the links to point to itself.

6. The bottom frame displays the new content from the requested link or URL.

7. End of Surfing With SPA.
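
The link processing in steps 4.3.1, 5.1 and 5.2 can be sketched as follows. This is an added example, not code from this document or from Appletix: the gateway address `https://beg.example/fetch?u=`, the class and function names, and the choice to drop `<script>` elements, `on*` handlers and non-HTTP schemes (any of which would let navigation leave the gateway) are assumptions.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urljoin, urlsplit

GATEWAY = "https://beg.example/fetch?u="  # hypothetical BEG endpoint (assumption)
URL_ATTRS = {("a", "href"), ("area", "href"), ("img", "src"), ("form", "action")}

class BegRewriter(HTMLParser):
    """Re-emit HTML with link targets pointing at the gateway (comments are dropped)."""
    def __init__(self, base_url):
        super().__init__()
        self.base, self.out, self.in_script = base_url, [], False

    def _via_gateway(self, value):
        absolute = urljoin(self.base, value.strip())
        if urlsplit(absolute).scheme not in ("http", "https"):
            return "#"  # javascript:, data: and the like would bypass the gateway
        return GATEWAY + quote(absolute, safe="")  # original URL kept as a parameter

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # scripts can navigate around rewritten links
            self.in_script = True
            return
        parts = [tag]
        for name, value in attrs:
            if name.startswith("on"):  # inline event handlers are script too
                continue
            if value is not None and (tag, name) in URL_ATTRS:
                value = self._via_gateway(value)
            parts.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        if tag != "script":
            self.out.append(f"</{tag}>")
        self.in_script = False

    def handle_data(self, data):
        if not self.in_script:
            self.out.append(escape(data, quote=False))

def rewrite(html_text, base_url):
    parser = BegRewriter(base_url)
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)

# Constructed sample page, as an ECS might serve it under /checkout/.
SAMPLE = ('<a href="/cart?id=7">Cart</a><img src="logo.gif"><form action="pay"></form>'
          '<a href="javascript:void(0)" onclick="x()">Pay</a>')
```

Relative links are resolved against the page's own URL before encoding, so `rewrite(SAMPLE, "https://shop.example/checkout/")` sends `logo.gif` through the gateway as `https://shop.example/checkout/logo.gif`.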
5.3 Buying Using SPA

1. The user surfs with SPA (see 5.2).

2. The user arrives at an ECS.

3. The user selects products or services and places them in the shopping cart.

4. The user selects Checkout.

5. The ECS sends a form with fields for shipping details.

6. BEG identifies the shipping form and inserts the user's shipping details into the
form fields.

7. BEG sends the modified form to the user's browser.

8. The user modifies the shipping form, if needed, and sends it.

9. BEG receives the shipping information, records it in the user's profile and
forwards it to the ECS.

10. The ECS processes the shipping information and sends a payment form.

11. BEG identifies the payment form and inserts dummy Appletix values into the
form fields.

12. BEG sends the modified form to the user's browser.

13. The user reviews the payment information, changes nothing, and sends it.

14. BEG receives the payment information, which indicates payment by Appletix
(the dummy Appletix values).

15. BEG queries BOL for authentication information for the user.

16. BEG sends a challenge to FEC, to be answered by the user.

17. FEC pops up a window, asking for the user's approval of the transaction and
presenting the challenge.

18. The user answers the challenge for approval.

19. BEG receives the answer and checks if the challenge has been met.

   19.1 If not, BEG sends a transaction cancellation page to the user's browser;
   the user may go Back and re-send the payment information (go to 14).

20. BEG informs BOL about the transaction.

21. BOL generates a unique transaction identifier.

22. BOL informs CCP about the transaction details.

   22.1 Credit card number to be used.

   22.2 Expiration date to be used.

   22.3 Cardholder name to be used.

23. BOL returns transaction details to BEG.

24. BEG sends payment information with BOL's transaction details to ECS.

25. ECS authorizes the payment information with CH.

26. CH authorizes the payment information with CCP.

27. CCP approves the transaction based on BOL information.

28. CH approves the transaction based on CCP approval.

29. ECS approves the transaction based on CH approval.

30. ECS sends confirmation information, optionally with a reference number.

31. CCP informs BOL about the transaction approval.

32. BOL debits the user account by the transaction amount.

If ECS authorization is done offline, the order of actions from step 25 onward
may be slightly different. ECS may send confirmation information before
actually authorizing the transaction. However, the authorization process is
the same and the final messages between CCP and BOL remain.
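
The fraud-protection loop of steps 21 to 27 (BOL registers the details to be used, CCP approves only what BOL registered) can be sketched as follows. This is an added example, not code from this document or from Appletix: the class and function names, the `APPLETIX <id>` cardholder-name layout, the placeholder card details, the 900-second validity window and the single-use rule are assumptions.

```python
import hmac
import secrets

CARD, EXPIRY = "0000000000000000", "12/30"  # constructed placeholder card details

class CCP:
    """Holds BOL authorizations and validates what arrives from the ECS via the CH."""
    def __init__(self, ttl=900):  # validity window in seconds (assumption)
        self.pending, self.ttl = {}, ttl

    def receive(self, txn_id, card, expiry, holder, now):
        # Step 22: BOL informs CCP of the details that will be used.
        self.pending[txn_id] = (f"{card}|{expiry}|{holder}", now + self.ttl)

    def validate(self, card, expiry, holder, now):
        # Step 27: approve only a transaction that BOL registered.
        txn_id = holder.rsplit(" ", 1)[-1]  # ID travels in the cardholder name
        entry = self.pending.get(txn_id)
        if entry is None:
            return False  # never registered by BOL, or already used
        expected, deadline = entry
        submitted = f"{card}|{expiry}|{holder}"
        if not hmac.compare_digest(expected.encode(), submitted.encode()):
            return False  # a mismatch does not consume the authorization
        del self.pending[txn_id]  # one approval per authorization
        return now <= deadline

def bol_authorize(ccp, now):
    """Steps 21-23: generate the transaction ID, inform CCP, return details for BEG."""
    txn_id = secrets.token_hex(8)  # unique and unguessable per purchase
    holder = f"APPLETIX {txn_id}"
    ccp.receive(txn_id, CARD, EXPIRY, holder, now)
    return CARD, EXPIRY, holder
```

Because each authorization is consumed on first approval, payment details captured at the ECS cannot be replayed for a second charge.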
6 Functional Implementation

This chapter highlights some of the functional implementation of the components in
the SPA architecture. The main focus is on Web transactions. However, the changes
required in order to operate under the WAP framework are not significant.

6.1 FEC

| Num. | Function | Implementation |
|------|----------|----------------|
| 1 | Open browser window | Standard applet function |
| 2 | Display URL in browser window | Standard applet function |
| 3 | Get Address (URL) | Customized function with AWT text field, which retrieves the URL through BEG functions (1-3) |
| 4 | Challenge Username/Password | Customized function which accepts login info from the user and sends it to BEG for verification |
| 5 | Activate agent command | Customized function which allows the user to select a command from a text or graphic menu and sends it to the appropriate BEG function for execution |
| 6 | | |
6.2 BEG

| Num. | Function | Implementation |
|------|----------|----------------|
| 1 | Get URL from ECS | Standard Java/Web server function |
| 2 | Reformat URLs in HTML | Customized function to modify URLs in HTML tags such as <a, <img, <area, <form |
| 3 | Send HTML to browser | Standard Web server function |
| 4 | Get POST information from browser | Standard Java/Web server function |
| 5 | Filter POST fields | Customized function to substitute field values by others |
| 6 | Send POST information to ECS | Standard Java function |
| 7 | Identify ECS/FORM structure | Customized function that generates a FORM "signature" and compares it to the existing forms database |
| 8 | Change FORM values | Customized function that modifies the FORM's values |
| 9 | Learn FORM-Profile matching | Customized function that learns new mappings of FORM fields and user profile fields |
| 10 | Collect FORM to profile | Customized function that collects user information based on the user-filled form and the existing FORM-Profile mapping |
| 11 | Reformat HTML privacy tags | Customized function to modify HTML tags that may endanger user privacy, such as <script, <embed, etc. |
| 12 | Sign purchase track command | Customized function which saves the HTML pages that were served to the user during purchase and signs them as future proof for T&Cs. |
| 13 | | |
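
One way BEG function 7 could compute a FORM "signature" and look it up in a forms database, given as an added example and not as the method of this document or of Appletix. The signature recipe (SHA-256 over ECS host, action path and sorted field names/types), the `FORMS_DB` layout and all names are assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormFields(HTMLParser):
    """Collect the form action and the (name, type) of every named control."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = "", set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag in ("input", "select", "textarea") and a.get("name"):
            kind = (a.get("type") or "text").lower() if tag == "input" else tag
            self.fields.add((a["name"].lower(), kind))

def form_signature(page_url, html_text):
    """SHA-256 over ECS host, action path and sorted field names/types.
    Field values and query strings are left out so per-session tokens do not
    change the signature; the host is kept so a copied form elsewhere differs."""
    p = FormFields()
    p.feed(html_text)
    target = urlsplit(urljoin(page_url, p.action))
    lines = [target.hostname or "", target.path]
    lines += [f"{name}:{kind}" for name, kind in sorted(p.fields)]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

# Constructed sample: a payment form as first learned, and as served in a later session.
PAGE = "https://shop.example/checkout"
SEEN = ('<form action="/pay?sid=111"><input name="ccnum"><input name="exp">'
        '<input type="hidden" name="tok" value="aaa"></form>')
LATER = ('<form action="/pay?sid=222"><input type="hidden" name="tok" value="bbb">'
         '<input name="exp"><input name="ccnum"></form>')

# Hypothetical forms database: signature -> (form kind, field -> profile key).
FORMS_DB = {form_signature(PAGE, SEEN):
            ("payment", {"ccnum": "card_number", "exp": "card_expiry"})}

def identify(page_url, html_text):
    """Return the known form entry, or None so that nothing is auto-filled."""
    return FORMS_DB.get(form_signature(page_url, html_text))
```

`identify(PAGE, LATER)` matches the learned entry despite the reordered fields and new session token, while the same markup served from a different host returns `None`, so profile data is only inserted into forms on the site where the mapping was learned.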
6.3 BOL

| Num. | Function | Implementation |
|------|----------|----------------|
| 1 | Clear user payment | Customized function which debits the user's credit card |
| 2 | Debit internal account | Customized function which debits the user's internal account based on a purchase amount |
| 3 | Credit internal account | Customized function which credits the user's internal account |
| 4 | Internal transfer | Customized function which moves credit between internal accounts, with optional commission |
| 5 | Credit purchase | Customized function which accepts a user credit purchase order, clears the payment and credits the internal account |
| 6 | Open new user profile | Customized function which registers a new user in the system |
| 7 | Open new user account | Customized function which activates the user's ability to buy using SPA |
| 8 | Retrieve/Update user profile | Customized function which retrieves information from the user's profile and optionally updates this information |
| 9 | Retrieve user account | Customized function to report on account status, balance and transactions (changes only via credit and payment processing) |
| 10 | Generate transaction ID | Customized function which identifies a user SPA transaction, to be used either as part of the Appletix credit card number or as part of the card holder's name |
| 11 | Send transaction information | Customized function which sends transaction information, including its ID, to CCP to support payment authorization |
| 12 | Receive transaction information | Customized function which receives CCP payment information that was sent by the ECS and authorized |
| 13 | | |
6.4 CCP

| Num. | Function | Implementation |
|------|----------|----------------|
| 1 | Receive payment information | Customized function which receives authorization information for a payment transaction |
| 2 | Send payment information | Customized function which informs BOL about payments which were previously authorized by it and were authorized by CCP |
| 3 | Validate payment information | Customized function that compares ECS information with BOL authorized transactions to determine a transaction's validity (fraud protection) |
| 4 | | |